Statistics for points on curves over finite fields Alina Bucur - PowerPoint PPT Presentation

Statistics for points on curves over finite fields Alina Bucur Department of Mathematics, UCSD; alina@math.ucsd.edu joint work with C. David (Concordia), B. Feigon (CCNY) and M. Lal´ ın (U. Montr´ eal) Conference on Geometry and Cryptography Tahiti, French Polynesia October 7-11, 2013 Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 1 / 35

Setup C smooth projective curve of genus g defined over finite field F q � ∞ � � u k Z C ( u ) def � � = exp # C F q k k k =1 P C ( u ) Z C ( u ) = deg P C ( u ) = 2 g (1 − u )(1 − qu ) Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 2 / 35

Setup C smooth projective curve of genus g defined over finite field F q � ∞ � � u k Z C ( u ) def � � = exp # C F q k k k =1 P C ( u ) Z C ( u ) = deg P C ( u ) = 2 g (1 − u )(1 − qu ) Question What can we say about statistics for # C ( F q ) as C and/or q varies? What can we say about statistics for zeros of Z C ( u ) as C and/or q varies? Recall: The zeroes are the reciprocals of the eigenvalues of the Frobenius automorphism # C ( F q ) = q + 1 − Trace(Frob C ) Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 2 / 35

Geometric situation: Katz-Sarnak philosophy Fix genus g , let q → ∞ When q → ∞ , the (normalized) zeroes of Z C ( u ) of curves C in a family are distributed like the eigenvalues of random matrices in the monodromy group of the family. Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 3 / 35

Geometric situation: Katz-Sarnak philosophy Fix genus g , let q → ∞ When q → ∞ , the (normalized) zeroes of Z C ( u ) of curves C in a family are distributed like the eigenvalues of random matrices in the monodromy group of the family. From the point of view of zeroes of Z C ( u ) , hyperelliptic curves behave like general curves in the moduli space of all curves of genus g . Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 3 / 35

Number of points Probabilistic situation Fix the finite field F q and let g → ∞ . Want the distribution of # C ( F q ) , as C runs through some family of curves whose genus grows to ∞ . Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 4 / 35

Number of points Probabilistic situation Fix the finite field F q and let g → ∞ . Want the distribution of # C ( F q ) , as C runs through some family of curves whose genus grows to ∞ . In typical cases, the answer will be in terms of a sum of i.i.d. random variables. Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 4 / 35

Number of points A few examples C : y p = f ( x ) over F q , q ≡ 1 (mod p ) Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 5 / 35

Number of points A few examples C : y p = f ( x ) over F q , q ≡ 1 (mod p ) # C ( F q ) = q + 1 − ( S χ ( f ) + S χ 2 ( f ) + . . . + S χ p − 1 ( f )) where S χ ( f ) = � x ∈ P 1 ( F q ) χ ( f ( x )) Then Prob( S χ ( f ) = t ) ∼ Prob( X 0 + . . . + X q = t ) p − 1  0 with probability   q + p − 1 X j = q p th roots of unity each with probability   p ( q + p − 1) p = 2 Kurlberg-Rudnick p ≥ 3 Bucur-David-Feigon-Lal´ ın Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 5 / 35

Number of points Compatibility with RMT: As both q , g → ∞ , get real Gaussian N (0; 1) for hyperelliptic curves and complex Gaussian with probability measure 1 π e − ( x 2 + y 2 ) dxdy . Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 6 / 35

Number of points p = 3 : cyclic trigonal curves y 3 = f ( x ) Heuristically, one can compute using CRT the probability that a polynomial f ( x ) = f 1 ( x ) f 2 2 ( x ), with deg f 1 = d 1 , deg f 2 = d 2 has no repeated roots in F q . And then the probability that such a polynomial takes a given set of values at the points of P 1 ( F q ) . They turn out to be exactly given exactly by i.i.d. random variables X 0 , X 1 , . . . , X q . Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 7 / 35

Number of points p = 3 : cyclic trigonal curves y 3 = f ( x ) Heuristically, one can compute using CRT the probability that a polynomial f ( x ) = f 1 ( x ) f 2 2 ( x ), with deg f 1 = d 1 , deg f 2 = d 2 has no repeated roots in F q . And then the probability that such a polynomial takes a given set of values at the points of P 1 ( F q ) . They turn out to be exactly given exactly by i.i.d. random variables X 0 , X 1 , . . . , X q . Imposing the square-free condition cuts uniformly across these sets, and being square-free is an event independent of imposing values at a finite number of points. Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 7 / 35

Number of points p = 3 : cyclic trigonal curves y 3 = f ( x ) Heuristically, one can compute using CRT the probability that a polynomial f ( x ) = f 1 ( x ) f 2 2 ( x ), with deg f 1 = d 1 , deg f 2 = d 2 has no repeated roots in F q . And then the probability that such a polynomial takes a given set of values at the points of P 1 ( F q ) . They turn out to be exactly given exactly by i.i.d. random variables X 0 , X 1 , . . . , X q . Imposing the square-free condition cuts uniformly across these sets, and being square-free is an event independent of imposing values at a finite number of points. The error term occurs because if one interprets the square-free condition as a collection of conditions indexed by irreducible polynomials, these individual conditions are only jointly independent in small numbers. Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 7 / 35

Number of points Fibers over P 1 : Melanie Matchett-Wood Can think of the previous situation as counting points in the fiber above each point of P 1 . For double covers, each fiber can have 2 , 0 or 1 points. Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 8 / 35

Number of points Fibers over P 1 : Melanie Matchett-Wood Can think of the previous situation as counting points in the fiber above each point of P 1 . For double covers, each fiber can have 2 , 0 or 1 points. T g is the moduli space of trigonal curves (degree 3 map to P 1 ) Idea: relate trigonal curves to cubic extensions of function fields, and then use methods coming from number fields to count cubic extensions with every possible fiberwise behavior above each rational point of the base curve. Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 8 / 35

Number of points Fibers over P 1 : Melanie Matchett-Wood If char F q ≥ 5 , as g → ∞ , Prob(# C ( F q ) = t ) ∼ Prob( X 0 + . . . + X q = t ) 2 q 2  0 with probability 6 q 2 +6 q +6   3 q 2 +6   1 with probability  6 q 2 +6 q +6 X j = 6 q 2 with probability  6 q 2 +6 q +6   q 2  3 with probability  6 q 2 +6 q +6 Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 9 / 35

Number of points Plane curves: joint work with David, Feigon, Lal´ ın H f : f ( X , Y , Z ) = 0 deg f = d Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 10 / 35

Number of points Plane curves: joint work with David, Feigon, Lal´ ın H f : f ( X , Y , Z ) = 0 deg f = d genus g = ( d − 1)( d − 2) / 2 for a smooth curve Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 10 / 35

Number of points Poonen’s sieve Theorem (Bertini with Taylor conditions: Poonen 2004) Let X be a quasi-projective subscheme of P n over F q , Z finite subscheme of P n such that U = X \ ( X ∩ Z ) is smooth of dimension m. Fix T ⊂ H 0 ( Z , O Z ) . Given a homogeneous polynomial f of degree d, let f | Z denote the element of H 0 ( Z , O Z ) that on each connected component Z i equals the restriction of x − d f to Z i , where j = j ( i ) is the smallest integer j 0 ≤ j ≤ n such that the coordinate x j is invertible on Z i . Then, as d → ∞ # { f ∈ S d ; H f ∩ U smooth, f | Z ∈ T } # T # H 0 ( Z , O Z ) ζ U ( m + 1) − 1 . ∼ # S d Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 11 / 35

Number of points Poonen’s sieve for plane curves X = P 2 n = m = 2 Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points Poonen’s sieve for plane curves X = P 2 n = m = 2 Z : an m 2 P neighborhood for each point P ∈ P 2 ( F q ) H 0 ( Z , O Z ) = � P O P / m 2 P Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points Poonen’s sieve for plane curves X = P 2 n = m = 2 Z : an m 2 P neighborhood for each point P ∈ P 2 ( F q ) H 0 ( Z , O Z ) = � P O P / m 2 P Idea: the probability that H f is smooth at a closed point P of the subscheme U is given by 1 − q − 3 deg P Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points Poonen’s sieve for plane curves X = P 2 n = m = 2 Z : an m 2 P neighborhood for each point P ∈ P 2 ( F q ) H 0 ( Z , O Z ) = � P O P / m 2 P Idea: the probability that H f is smooth at a closed point P of the subscheme U is given by 1 − q − 3 deg P If conditions were independent we would get that the probability that H f is smooth was 1 � (1 − q − 3 deg P ) = ζ U (3) P closed point of U Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points Poonen’s sieve for plane curves points of low degree (including the points of Z ) points of medium degree points of high degree Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 13 / 35